K
Q

Docker registry in kubernetes with cert-manager

8/14/2018

I'm using cert-manager for SSL management with configuration on ingress level. For example this config for <myhost>.com (skipping metadata and other not-related config parts):

kind: Certificate
spec:
  secretName: myhost-tls
  issuerRef:
    name: letsencrypt-dns
    kind: ClusterIssuer
---
kind: Ingress
...
spec:
  tls:
    - hosts:
      - myhost.com
    secretName: myhost-tls
...

Now I'm trying to move my docker registry into kubernetes cluster, but it requires certificate file to configure registry deployment.

Is it possible to use docker registry without SSL (because encryption can be done on ingress level) or use cert-manager to get certificate from docker registry?

-- Kirill
cert-manager
docker
docker-registry
kubernetes
ssl-certificate

Similar Questions

Fluentd Regular Expression Matching Error
Kubernetes Network Policy Egress only allow to certain IP and port
Why I can't expose the grafana that comes from istio with Istio Gateway?
How to consume Istio-based Service that enables `mtls`?

1 Answer

8/14/2018

You can allow the insecure registry in the following way on each node in the cluster:

docker daemon --insecure-registry=255.255.255.255:5000

You can also edit /etc/default/docker and include the following line which will do the above for you:

DOCKER_OPTS="--insecure-registry=5.179.232.65:5000"

The DOCKER_OPTS variable will automatically include that option for the Docker daemon.

-- Neekoy
Source: StackOverflow